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REMARKS 

In the Office Action, the Examiner rejected claims 27-32 and 37 under 35 U.S.C. 
§101 as non-statutory subject matter and rejected claims 20-38 under 35 U.S.C. 
§1 02(a) as anticipated by Andrew J. Mahwah , An Implementation of Secure Web Client 
Using SPKI/SDSI Certificates, Massachusetts Institute of Technology (" Mahwah "). 

Claims 20-38 are currently pending. 

Applicants amended the specification to remove the description related to 
"program signal." As such, the rejection of claims 27-32 and 37 under 35 U.S.C. §101 
should be withdrawn. 

The Examiner rejected claims 20-38 under 35 U.S.C. §1 02(a) as anticipated by 
Mahwah . Applicants respectfully traverse this rejection. 

Claim 20 recites a combination including, among other things, "upon receiving 
the first request, the server computer establishing a session by allocating a resource at 
the server computer, the resource including an identifier, and returning, in response to 
the first request, a predetermined close instruction to the browser at the client computer, 
the close instruction carrying the identifier identifying the session at the resource" and 
"upon unloading at the browser the predetermined close instruction received from the 
server computer, sending a second request from the client computer to the server 
computer to indicate initiation of the predetermined close instruction by the browser, the 
second request carrying the identifier and indicating to de-allocate the resource at the 
server computer." 
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In contrast to claim 20, Mahwah discloses the following: 

• The client sends an HTTP 1 request (without credentials) to the Apache server. 

• The web server sends a response to the user containing the acl in the body with 
Content-Type "application / x-spki-sdsi" . 

• The Netscape web browser then loads the plug-in into memory and creates a 
new instance. The plug-in will then retrieve the user's public and private keys. 

• The plug-in generates a SPKI/SDSI tag specifying the permission that the client 
is requesting. 

• Using the acl, tag. user's public key, and user's certificate cache, the plug- 
in generates a sequence of certificates using the SPKI/SDSI certificate chain 
discovery algorithm discussed in section 3.L6. 

• The plug-in signs the request tag, and sends the signature and certificate chain 
to the server to verify. A copy of the user's public-key is included in the signa- 
ture. 

• The server verifies the request by extracting the public-key from the signature, 
recreating the request's tag, verifying the signature using the key, and verifying 
that there is a valid authorization chain from an entry on the acl to the key via 
the certificate chain presented. Upon successful verification, the server returns 
the requested document to the client. The HTTP status code "200 OK" is used 
for this reply. If the verification fails, a server-side customizable error page is 

returned to the user. The HTTP status code "403 Forbidden" is used for this 
reply. 

Mahwah , page 45. It is clear from the above excerpt that Mahwah fails to disclose a 
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predetermined close function provided by the server to the client, much less the "upon 
receiving" and "upon unloading" features recited in claim 20. Therefore, claim 20 and 
claims 21-26, at least by reason of their dependency from independent claim 20, are not 
anticipated by Mahwah , and the rejection of claims 20-26 under 35 U.S.C. § 102(a) 
should be withdrawn for this additional reason. 

The Examiner alleges that Mahwah 's "window. close" at page 55 discloses the 
following feature of claim 1 "upon receiving the first request, the server computer 
establishing a session by allocating a resource at the server computer, the resource 
including an identifier, and returning, in response to the first request, a predetermined 
close instruction to the browser, the close instruction carrying the identifier identifying 
the session at the resource." Applicants disagree with the Examiner's allegation, and 
submit that a scrutiny of the cited passage reveals that Mahwah lacks the above-noted 
feature of claim 20. Instead, at page 55, Mahwah discloses "source code for the 
open_session_window function." However, Mahwah 's source code is related to a "plug- 
in" at the browser (rather than at the server). See page 52 ("plug-ins available at 
/usr/local/lib/netscape/piug-ins or /$HOME/. netscape/plug-ins directory."); see also page 
54 ("plug-in checks to see if the session window has been started"); see also page 56 
("the plug-in displays a small "session window"); see also Figure 5-6 at page 57 
(depicting the session window). At best, Mahwah discloses a "session window" 
presented by a browser and a plug-in, and a text message presented by the browser to 
remind the user to "close this window." See Mahwah at Figure 5-6. As such, Mahwah 's 
session window cannot possibly constitute the following feature of claim 20: "upon 
receiving the first request, the server computer establishing a session by allocating a 

resource at the server computer, the resource including an identifier, and returning, in 
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response to the first request, a predetermined close instruction to the browser, the close 
instruction carrying the identifier identifying the session at the resource." Therefore, 
claim 20 and claims 21-26, at least by reason of their dependency from independent 
claim 20, are not anticipated by Mahwah , and the rejection of claims 20-26 under 35 
U.S.C. § 102(a) should be withdrawn for this additional reason. 

The Examiner also alleges that Mahwah at page 52 discloses the following 
feature of claim 20: "upon unloading at the browser the predetermined close instruction 
received from the server computer, sending a second request from the client computer 
to the server computer to indicate initiation of the predetermined close instruction by the 
browser, the second request carrying the identifier and indicating to de-allocate the 
resource at the server computer," However, a careful scrutiny reveals that Mahwah at 
page 52 cannot possibly disclose a predetermined close instruction, much less "upon 
unloading at the browser the predetermined close instruction received from the server 
computer, sending a second request from the client computer to the server computer to 
indicate initiation of the predetermined close instruction by the browser, the second 
request carrying the identifier and indicating to de-allocate the resource at the server 

3. Instance Deletion. A plug-in instance is deleted when a user leaves the in- 
stance's page, or closes the window. Netscape informs the plug-in instance that 
it will be deleted by calling the NPPJDestroy function. The plug-in can then 
free up allocated memory and close open files before being deleted. 

4. Shutdown. When the last plug-in instance is deleted during a particular 
Netscape session, the plug-in code is unloaded from memory. Netscape calls 
the function NPP_Shutdown to alert the last plug-in. The plug-in can then free 
globaJ resources accordingly, 

computer." as recited in claim 20. Instead, Mahwah discloses the following: 

Mahwah , page 52. In addition to lacking a predetermined close instruction 
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functionality, Mahwah also makes clear that it is the browser's plug-in that is closed and 
has its resources freed. In contrast, claim 20 expressly states that "upon unloading ... 
indicating to de-allocate the resources at the server computer." As such, Mahwah fails 
to disclose the "upon unloading" feature recited in claim 20. Therefore, claim 20 and 
claims 21-26, at least by reason of their dependency from independent claim 20, are not 
anticipated by Mahwah , and the rejection of claims 20-26 under 35 U.S.C. § 102(a) 
should be withdrawn for this additional reason. 

Independent claims 27, 33, and 36-38, although of different scope, include 
features similar to those noted above for claim 20. For at least the reasons given with 
respect to claim 20, claims 27, 33, and 36-38 are not anticipated by Mahwah , and the 
rejection under 35 U.S.C. §102(a) of claims 27-33 and 36-38 as well as claims 28-32 
and 34-35, at least by reason of their dependency from independent claims 27 and 33, 
should be withdrawn. 
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CONCLUSION 

It is believed that all of the pending claims have been addressed in this paper. 
However, failure to address a specific rejection, issue or comment, does not signify 
agreement with or concession of that rejection, issue or comment. In addition, because 
the arguments made above are not intended to be exhaustive, there may be reasons for 
patentability of any or all pending claims (or other claims) that have not been expressed. 
Finally, nothing in this paper should be construed as an intent to concede any issue with 
regard to any claim, except as specifically stated in this paper, and the amendment of 
any claim does not necessarily signify concession of unpatentability of the claim prior to 
its amendment. 

On the basis of the foregoing amendments, Applicants respectfully submit that 
the pending claims are in condition for allowance. If there are any questions regarding 
these amendments and remarks, the Examiner is encouraged to contact the 
undersigned at the telephone number provided below. No fee is believed to be due, 
however, the Commissioner is hereby authorized to charge any fees that may be due, 
or credit any overpayment of same, to Deposit Account No. 50-031 1 , Reference No. 
34874-040-NATI72000P00016WOUS01. 

Respectfully submitted, 

Date: 17 December 2007 /PFS/ 

Pedro F. Suarez 
Reg. No. 45,895 

Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. 

9255 Towne Centre Drive, Suite 600 

San Diego, CA 92121 

Customer No.: 64280 

Tel.: 858/320-3040 Fax: 858/320-3001 
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